* Refine the upgrade steps.
These could use a third party validation. The upgrade instructions
are mostly generic at this point, although the MTLS handling is not
necessarily generic between releases. I had thought we removed the
mtls global setting in this release, yet the existing docs state
this config option should be used.
* Update content/docs/setup/kubernetes/upgrade/steps/index.md
Co-Authored-By: Rigs Caballero <grca@google.com>
* Update content/docs/setup/kubernetes/upgrade/steps/index.md
Co-Authored-By: Rigs Caballero <grca@google.com>
Update the installation options for release-1.2 and the installation
option changes between release 1.1 and release 1.2. These changes have
been generated by the updated changes to tablegen.py in the
PR: https://github.com/istio/istio.io/pull/4402Fixes: #4374
* prep release note 1.2
* create release note 1.2 based on draft from wiki
* add a diff
* tweaks
* fix lint
* fix lint
* fix lint
* fix lint
* reorg a bit
* add missing rewrite prob annotation
* addressed Martin's comment
* add a release note item for 12824
* various update
* 3 month window
* a pass review with louis and josh
* typo
* a few link update
* Apply suggestions from code review
Co-Authored-By: mandarjog <mandarjog@gmail.com>
* more feedback
* galley related changes
* Update content/boilerplates/notes/1.2.md
Co-Authored-By: mandarjog <mandarjog@gmail.com>
* more updates
* more updates
* update mandar's change
* add link to annotationn
* Update content/boilerplates/notes/1.2.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/boilerplates/notes/1.2.md
Co-Authored-By: Ozben Evren <ozevren@users.noreply.github.com>
* Update content/boilerplates/notes/1.2.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* remove jitter in CSR
since it is in 1.1 4550986e42
also limin confirmed NO RBAC channges in 1.2
* add a link to sidecar none
* add feature maturity
* typo
* field->flag
* add a link
* added CNI support
* added a few others item
* typo
* Update content/boilerplates/notes/1.2.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* typos
* Update content/boilerplates/notes/1.2.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Update content/boilerplates/notes/1.2.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* some tweak for sds and remove service tracing
* fix link and lint
* add words
* fix link
* Update content/boilerplates/notes/1.2.md
Co-Authored-By: Oliver Liu <yonggangl@google.com>
* Add new Traffic management concept.
Wrote a new "Traffic management" concept to include the latest developments.
Organized the content into smaller pages to make it easier to consume. The new
structure improves visibility and each page includes keywords to improve the
"See Also" pieces of suggested content and SEO. The new concept includes
diagrams and examples. Each section starts with the larger picture and then
moves to explain the specifics.
Signed-off-by: rcaballeromx <grca@google.com>
* Improved based on review comments.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix Hugo front matter.
Signed-off-by: rcaballeromx <grca@google.com>
* Fix false positives in links test.
Signed-off-by: rcaballeromx <grca@google.com>
* Remove terms from exceptions file.
Signed-off-by: rcaballeromx <grca@google.com>
* Revert "Add new Traffic management concept."
This reverts commit de9d0e0225.
Having back-ticks at the beginning of the lines was causing Hugo not to generate
the pages at build time. Moved the content with backticks away from the start of
the lines seems to fix the issue.
Signed-off-by: rcaballeromx <grca@google.com>
* Update feature stages for 1.2 release.
* Adjust stability of security features in consultatin with diemtvu and liminw.
* SNI multi cert now stable.
* Update feature stages based on feedback.
* Respond to code review feedback.
* add missing cleanup step for authn policy task section 1
The "*.local" rule created in "Globally enabling Istio mutual TLS"
was not removed during the cleanup section, leading to unexpected
503s for users continuing on to the next section (enabling
per-namespace).
* Note that jwcrypto needs to be present to run gen_jwt.py
* Apply suggestions from code review
Co-Authored-By: Rigs Caballero <grca@google.com>
* Fix the flow and language of the Getting started doc.
Signed-off-by: rcaballeromx <grca@google.com>
* Add cross-reference on the k8s install guide.
Signed-off-by: rcaballeromx <grca@google.com>
* Rework concluding paragraph to clarify timeline.
Signed-off-by: rcaballeromx <grca@google.com>
* Move cross-reference to landing page.
Signed-off-by: rcaballeromx <grca@google.com>
* Add new Traffic management concept.
Wrote a new "Traffic management" concept to include the latest developments.
Organized the content into smaller pages to make it easier to consume. The new
structure improves visibility and each page includes keywords to improve the
"See Also" pieces of suggested content and SEO. The new concept includes
diagrams and examples. Each section starts with the larger picture and then
moves to explain the specifics.
* fix the egress gateway example
need to change static because one address was host the other was ip.
* update to make it cleaner
* minor typo
* minor tweaks
* fix lint
* format change
* fix lint
* fix lint
* clean up tips per frank and shriram's suggestion
* fix lint
* Remove links to outdated code
The code for this was removed in:
https://github.com/istio/istio/pull/14678/files
I don't read/speak ZH, so struggle to understand how to properly
reword the text. In the interim, just remove the links from the ZH
pages.
* Fix a envoy doc link failures
The fonts used in arch.svg were incorrect and didn't match the
rest of the website. In addition, there was some stray text.
I produced this file based upon the svg in 1.1 - after changing
"service A" to "service B" on the right side of the diagram. Somewhere
in 1.2, this error was fixed, but the font regression was introduced.
Fixes: #4375
GDB is no longer shipped in the containers. Whether it should be or not
is not relevant for 1.2 (its too late to add GDB to 1.2). Remove
GDB from the documentaiton. We don't really expect operators would
use GDB in production. If GDB were reintroduced to the containers,
it may make sense to document GDB in the developer wiki.
Fixes: #4361
* rbac: simplify and make authorization HTTP/TCP tasks consistent
* Simplify the Bookinfo deployment, the service accounts could just be
added with the default Bookinfo deployment.
* Make the `Before you begin` section more consistent for HTTP and TCP
tasks
* address comments
* fix link
* Refine the multicluster gateways installation documentation
Change all occurances of we to you.
Use the kubernetes version macro instead of hard-coding.
Refinements to the wording in various places.
Improvements to the workflow, so it works 100% of the time instead of most of the time.
Add the a warning flag related to the samples certs.
Add more information about stubbing a domain for cloud provides that have specific unique procedures.
* refinements
* Fix shortcode error
* Fix linting problems
* Apply review comments.
- Rename "Operations Guide" to "Operations" so it fits better in the sidebar.
- Rename the main kubernetes install page to "Installing on Kubernetes" rather than
just "Kubernetes" which was a bit odd when landing there. Links to the page in the
sidebar and elsewhere still say "Kubernetes" since these usually appear in context.
* Enhance minikube getting started page
Several errors with the minikube page under more intense review. These
errors were fixed. Several warnings were added specifically about not
specifying enough memory.
Fixes: 4923
* Fix linting error
* Cleanup after visual inspection.
* The correct spelling of minikube is all lowercase
* Hypervisor is now only used as lowercase
* remove whitespace
* Try a text_hack block instead of text_bash
* Apply Frank's slack suggestion to get the gate moving
* Fix linting problems and apply reviewer comments
* More refinements
* Edits to rate limiting task
* Edits to whitelisting tasks cleanup
* Minor Edits to control headers and routing task
* Fixed based on feedback
* Adding minor fix for https://github.com/istio/istio/issues/14284 in rate limiting task
* lint error
* Change text bash to text bash yaml for yaml output
* Remove 'things' in favor of more specific terms
Explicitly spelling out that these are bits of configuration is more
explicit.
* Add clarification on namespace and host network limitations
This adds clarifications on the limitations on sidecar injection for
particular namespaces and for pods with host networking.
The clarifications are in two spots because without either of them, the
information provided is incomplete. Saying that whether the sidecar is
injected or not is only dependant on three bits of config isn't really
accurate. And including the troubleshooting steps without mentioning
these hard limits isn't accurate either.
* Remove whitespace and fix spelling error
* Remove misplaced 'is'
* Fix typo
* Replace 'limitation' language with 'security rules'
This emphasises that these restrictions are by design, and are intended
to provide security to users.
* Clarify the outcome of annotating pods that violate security rules
This clarifies that if pods on the host network or in system namespaces
will be ignored by the sidecar injector, as opposed to other failures or
errors.
* Update lists to use correct Hugo format
* Indent paragraph to fix formatting and numbering
This indentation should fix the formatting of this paragraph so that it
appears correctly under the second element of the ordered list. It
should also ensure that the ordered list continues at 3 with the next
item.
* Add whitespace to ensure correct formatting of lists
* Fixes Issue #4142
Document the helm whitespace command line problem. We should consider
producing a list of known Helm problems as they relate to Istio - post
1.2 (with a quick backport to all of the branches including deprecated
Istio versions). It will take some time to generate this list, but we
could replace this 1 warning with all of the various Helm issues we
see in production usage along with the upstream tracking bug.
* Improve readability of this change
* compress the text of this issue
* update endpoints instructions
Signed-off-by: Kuat Yessenov <kuat@google.com>
* typo
Signed-off-by: Kuat Yessenov <kuat@google.com>
* typo
Signed-off-by: Kuat Yessenov <kuat@google.com>
* mTLS is not a word apparently
Signed-off-by: Kuat Yessenov <kuat@google.com>
* typo
Signed-off-by: Kuat Yessenov <kuat@google.com>
* Refine the concepts for multicluster
THe original document is very well written. It can be improved on
slightly by removing code names, and correcting some inconsistencies.
mtail